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Abstract — (Mobile Adhoc network) is a infrastructure less 
network used for wireless communication. MANET can be built 
with the mobile nodes which can move anywhere at any time. 
This results into the dynamic topology of MANET. Each node is 
responsible for routing the message from one node to the other 
like a router, causes network more vulnerable to the different 
attacks. In this paper we will discuss Black Hole Attack a type 
of DOS attack and Worm Hole Attack. The emphasis of this 
paper is find detection method and prevention of these attacks in 
manets using Antnet Routing algorithm based on Ant Colony 
Optimization(ACO) framework. 

Index Terms — DOS attack, Black hole attack,Worm hole 
attack 

I. Introduction 

A mobile ad hoc network (MANET) is relatively new 
communication paradigm. MANET has received spectacular 
consideration because of their self-configuration and 
self-maintenance. Early research assumed a friendly and 
cooperative environment of wireless network. As a result they 
focused on problems such as wireless channel access and 
multi hop routing. But security has become a primary concern 
to provide protected communication between mobile nodes in 
a hostile environment. 

Although mobile ad hoc networks have several advantages 
over wired networks, on the other side they pose a number of 
non-trivial challenges to the security design as they are more 
vulnerable than wired networks [1]. These challenges include 
open network architecture, shared wireless medium, 
demanding resource constraints, and, highly dynamic network 
topology. 

In this paper, we have considered a fundamental security 
problem in MANET. To protect its basic functionality to 
deliver data bits from one node to another. Nodes help each 
other in conveying information to and fro and thereby creating 
a virtual set of connections between each other. Routing 
protocols play an very imperative role in the creation and 
maintenance of these connections. 

In contrast to wired networks, each node in an ad-hoc 
networks acts like a router and forwards packets to other peer 
nodes. The wireless channel is accessible to both legitimate 
network users and malicious attackers. As a result, there is a 
blurry boundary separating the inside network from the 
outside world. 

Many different types of routing protocols have been 
developed for ad hoc networks and have been classified into 
two main categories as Proactive (periodic) protocols and 
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Reactive (on-demand) protocols which has been clearly 
explained in [2] and [3]. Wireless ad hoc networks are 
vulnerable to various attacks. These include passive 
eavesdropping, active interfering, impersonation, and 
denial-of-service. A single solution cannot resolve all the 
different types of attacks in ad hoc networks. In this paper, we 
have designed a novel method to detect black hole attack: 
ACO, which isolates that malicious node from the network. 
We have complemented the reactive system on every node on 
the network. This agent stores the Destination sequence 
number of incoming route reply packets in the routing table 
and calculates the threshold value to evaluate the dynamic 
training data in every time interval as in [4]. Our solution 
makes the participating nodes realize that, one of their 
neighbors is malicious; the node thereafter is not allowed to 
participate in packet forwarding operation[5]. 

II. Antnet 

AntNet is an instance of an ACO algorithm for distributed and 
adaptive routing in Communication networks. In distributed 
adaptive routing at each network node the routing policy is 
continually adapted to the variations in the input traffic 
patterns. 

The basic principle of an ant routing algorithm is that ants 
deposit on the ground a pheromone, while they roam looking 
for food. Ants can also smell pheromone and tend to follow 
with higher probability those paths characterized by strong 
pheromone concentrations. The pheromone trails allow the 
ants to find their way to the food source (or back to the nest). 
The same pheromone trails can be used by another ants. This 
pheromone-trail-following behaviour gives raise to the 
emergence of the shortest path.An ant routing algorithm can 
be briefly described in the following way in Fig. 1 



Fig 1 : Basic principle of ant routing paradigm. 


From each network node, a number of discovery packets 
(forward ants) are sent towards the selected destination nodes. 
They propagate concurrently and independently. In each node 
routing tables consists of stochastic tables, used to select next 
hops according to weighted probabilities. These probabilities 
are calculated on the basis of the pheromone trails left by 
previous ants which is as shown below: 
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Fig 2 : Routing Tables 
Ant’s Pheromone trail depositing 
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While moving, the ants deposit pheromone on the path links, 
i.e., in the node routing tables they change the probability to 
select a particular next hop.Once a forward ant gets to the 
destination node, it first generates a backward ant and then 
dies. This way, the new packet created and sent back to the 
source will propagate through the same path selected by the 
forward ant. 

On its way back, the backward ant deposits pheromone on the 
reverse path links. Thus it updates the routing table of the 
nodes along the path. Once it has returned to the source node, 
the backward ant dies. A distributed heuristic solution like the 
ant routing displays several features making it particularly 
suitable in ad hoc networks [6]. 

However research has shown that in MANETs ,the best path 
for routing (considering the overall network benefit as well as 
node benefit) is not necessarily the shortest path but instead 
the path which optimizes number of hops (length of path), 
congestion along path and load balancing[8]. 

The basic steps under ACO System 

III. Ant Colony Optimization(ACO) System: 

1) Starting node is selected at random. 

2) Path is selected randomly based upon: amount of “ 

Pheromone trail” present on possible paths from 
starting node. 

3) Higher probability for paths with more “trail”. Ant reaches 

next node, selects next path. Continues until reaches 
starting node. Finished “tour” is a solution. 

4) A completed tour is analyzed for optimality. 

Higher probability of ant selecting path that 
is part of a better-performing tour. 

5) New cycle is performed. Repeated until most 

ants select the same tour on every cycle 
(convergence to solution). 

IV. ATTACKS IN ACO based MANETS 

MANETs are vulnerable to various attacks. General attack 
types are the threats against Physical, MAC, and network 
layer which are the most important layers that function for the 
routing mechanism of the ad hoc network. Attacks in the 
network layer have generally two purposes: not forwarding 
the packets or adding and changing some parameters of 
routing messages. Black hole is one of the major threat. 


A. Blackhole Attack 

In Blackhole attack, the malicious node waits for the 
neighbors to initiate a FORWARD ANT packet. As the node 
receives the FORWARD ANT packet, it will immediately 
send a false BACKWARD ANT packet with a modified 
higher sequence number. So, that the source node assumes 
that node is having the fresh route towards the destination. 
The source node ignores the BACKWARD ANT packet 
received from other nodes and begins to send the data packets 
over malicious node. A malicious node takes all the routes 
towards itself. It does not allow forwarding any packet 
anywhere. This attack is called a Black hole as it swallows all 
objects [9]. 

In figure 4 source node S wants to send data packets to a 
destination node D in the network. 



Node M is a malicious node which acts as a blackhole. The 
attacker replies with false reply BACKWARD ANT having 
higher modified sequence number. So, data communication 
initiates from S towards M instead of D. 

Experimentation was done on Antnet routing algorithm 
using NS2 simulator by transmitting data between nodes 
using UDP agent and CBR traffic. Sender sends the data via 
attacker. Source node transfers data to attacker that does not 
have shortest route to Destination. Attacker does not forward 
data to its neighbors. 



B. Solution Against Black Hole Attack 

In normal ACO, the node that receives the BACKWARD 
ANT packet first checks the value of sequence number in its 
routing table. The BACKWARD ANT packet is accepted if it 
has B ACKWARD_ANT_sequence number is higher than the 
threshold value. The threshold value is dynamically. Updated 
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as in [4] in every time interval. As the value of BACKWARD 
ANT_sequence_number is found to be higher than the 
threshold value, the node is suspected to be malicious and it 
adds the node to the black list. As the node detected an 
anomaly, it sends a new control packet, ALARM to its 
neighbours. The ALARM packet has the black list node as a 
parameter so that, the neighbouring nodes know that 
BACKWARD ANT packet from the node is to be discarded. 
Further, if any node receives the BACKWARD ANT packet, 
it looks over the list, if the reply is from the blacklisted node; 
no processing is done for the same. It simply ignores the node 
and does not receive reply from that node again. So, in this 
way, the malicious node is isolated from the network by the 
ALARM packet. The continuous replies from the malicious 
node are blocked, which results in less routing overhead. 
Moreover, unlike ACO, if the node is found to be malicious, 
the routing table for that node is not updated, nor the packet is 
forwarded to another node. 

The threshold value is dynamically updated using the data 
collected in the time interval. If the initial training data were 
used, then the system could not adapt the changing 
environment. The threshold value is the average of the 
difference of destination sequence number in each time slot 
between the sequence number in the routing table and the 
BACKWARD ANT packet. The time interval to update the 
threshold value is as soon as a newer node receives a 
BACKWARD ANT packet. As a new node receives a 
BACKWARD ANT for the first time, it gets the updated 
value of the threshold. So our design not only detects the 
Black hole attack, but tries to prevent it further, by updating 
threshold which reflects the real changing environment. Other 
nodes are also updated about the malicious act by an ALARM 
packet, and they react to it by isolating the malicious node 
from network. 

C. Worm Hole Attack 

A wormhole attack is a particularly severe attack on MANET 
routing where two attackers, connected by a high-speed 
off-channel link, are strategically placed at different ends of a 
network. Consider Figure in which node A sends RREQ to 
sink node, and nodes Ml and M2 are malicious nodes having 
an out-of-band channel between them . Node Ml “tunnels” 
the RREQ to M2 , which is legitimate neighbor of sink node. 
Sink node gets two RREQ - S-A-B-C-Sink and 
AM1-M2-Sink-B. The second route is shorter and faster then 
the first, and chosen by sink. Since the transmission between 
two nodes has rely on relay nodes, many routing protocols 
have been proposed for ad hoc network. In a wormhole attack, 
attackers “tunnel” packets to another area of the network 
bypassing normal routes as shown in Figure 3. The resulting 
route through the wormhole may have lower hop count than 
normal routes. With this leverage, attackers using wormhole 
can easily manipulate the routing priority in MANET to 
perform eavesdropping, packet modification or perform a 
DOS attack . The entire routing system in MANET can even 
be brought down using the wormhole attack [7]. 


ABC Sink 



Experimentation was done on Antnet routing algorithm using 
NS2 simulator by transmitting data between nodes using 
UDP agent and CBR traffic. An adversary forms tunnel with 
other adversary using a direct low latency 
communication link. 



D. Solution against Worm Hole attack 

Packet leash [2] is a mechanism for detecting and thus 
defending against wormhole attacks. A leash is any 
information that is added to a packet designed to restrict the 
packets maximum allowed transmission distance. The 
mechanism proposes two types of leashes for this purpose: 
Geographic and Temporal. In Geographic Leashes, each node 
knows its precise position and all nodes have a loosely 
synchronized clock. Each node, before sending a packet, 
appends its current position and transmission time to it. The 
receiving node, on receipt of the packet, computes the 
distance to the sender and the time it took the packet to 
traverse the path. The receiver can use this distance anytime 
information to deduce whether the received packet passed 
through wormhole or not. In Temporal Leashes, the sender 
appends the sending time to the packet and the receiving node 
computes a travelling distance of that packet assuming 
propagation at the speed of the light and using the difference 
between packet sending time and packet receiving time. 
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V. APPLICATIONS 

Ad-hoc networks are suited for use in situations where an 
infrastructure is unavailable or to deploy one is not cost 
effective. One of many possible uses of mobile ad-hoc 
networks is in some business environments, where the need 
for collaborative computing might be more important outside 
the office environment than inside, such as in a business 
meeting outside the office to brief clients on a given 
assignment. Work has been going on to introduce the 
fundamental concepts of game theory and its applications in 
telecommunications. A mobile ad-hoc network can also be 
used to provide crisis management services applications, such 
as in disaster recovery, where the entire communication 
infrastructure is destroyed and resorting communication 
quickly is crucial. By using a mobile ad-hoc network, an 
infrastructure could be set up in hours instead of weeks, as is 
required in the case of wired line communication. Another 
application example of a mobile ad-hoc network is Bluetooth, 
which is designed to support a personal area network by 
eliminating the need of wires between various devices, such 
as printers and personal digital assistants. 

VI. CONCLUSION 

In this paper, we have used a very simple and effective way of 
providing security against Black hole attack by introducing 
some modifications to ACO. The ACO algorithm is efficient 
in providing an optimal path for the reasons like, it is fully 
distributed implies there is no single point of failure; the 
operations to be performed in each node are very simple; the 
algorithm is based on an asynchronous and autonomous 
interaction of agents; it is self- organizing, thus robust and 
fault tolerant implies there is no need of defining path 
recovery algorithms; it is intrinsically traffic adaptive without 
any need for complex and yet inflexible metrics; it is 
inherently adaptive to all kinds of long-term variations in 
topology and traffic demand, which are difficult to be taken 
into account by deterministic approaches. By adding a 
threshold value factor to ACO, the black hole attack is not 
only detected, but also prevented. Hence, by using ACO(with 
threshold value factor) as a routing algorithm in MANETS, 
one can also be sure of not being susceptible to black hole 
attacks. Our prevention scheme detects the malicious nodes 
and isolates it from the active data forwarding and routing and 
reacts by sending ALARM packet to its neighbors.We also 
infer that a more detailed research and with some add-on 
features to ACO, the other security threats can also be 
detected and to a certain extent prevented like the way we 
have proposed for the black hole attack. 
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